Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-5302 | Improper Access Control vulnerability in Citrix Xenserver Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | 9.8 |
| 2016-06-13 | CVE-2016-2496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 6.0/6.0.1 The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796. | 9.8 |
| 2016-06-13 | CVE-2016-2473 | Unspecified vulnerability in Google Android The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501. | 9.8 |
| 2016-06-10 | CVE-2016-5118 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | 9.8 |
| 2016-06-10 | CVE-2016-3720 | XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2016-06-10 | CVE-2016-2786 | Improper Input Validation vulnerability in Puppet Agent and Puppet Enterprise The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. | 9.8 |
| 2016-06-10 | CVE-2016-2785 | Improper Access Control vulnerability in Puppet Puppet, Puppet Agent and Puppet Server Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. | 9.8 |
| 2016-06-10 | CVE-2016-4328 | Unspecified vulnerability in Medhost Perioperative Information Management System MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server. | 9.8 |
| 2016-06-10 | CVE-2016-4326 | Unspecified vulnerability in Chef Manage 1.11.4 The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. | 9.8 |
| 2016-06-10 | CVE-2016-0916 | Improper Authentication vulnerability in EMC Networker EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | 9.8 |